
Validity of Vulnerability Assessment Report, Vetted Report & Pentest Report

Every Pentest or Vulnerability Scan by Astra comes with a validity period. Having a validity period for such security reports is a globally accepted norm. The validity of a Pentest, Vetted Report and Vulnerability Scan depends on several factors:

Changes in code: Whenever major changes are made to the code base on which a Pentest or vulnerability scan was done, the report becomes invalid. This is because newly added code may introduce vulnerabilities into the system.
New vulnerabilities discovered: Thousands of new vulnerabilities are discovered every month. This means one needs to continuously test their applications to ensure they're safe against newly discovered vulnerabilities.
Changes in server or infrastructure: Just like in code, major changes in infrastructure or hosting environment can also introduce new vulnerabilities.

Validity of Vulnerability Assessment Report



The Vulnerability Assessment Report is the report generated by Astra's automated scanner. This report includes results from the tests done by our automated vulnerability scanner. There is a possibility that this report contains certain false positives too.

Validity: 14 days

Validity of Vetted Report



Vetted Reports are vulnerability assessment reports reviewed by our security engineers to ensure there are no false positives. This helps organizations with lean or no security teams to get an actionable security posture report which they can work on.

Validity: 90 days

Validity of Pentest Report



The Pentest Report by Astra Security includes a complete penetration test done by our security engineers. The penetration test includes automated scanning as well as a manual audit of your infrastructure to ensure every vulnerability is uncovered.

After collaborating with our customers on fixing the found vulnerabilities, a re-scan is also performed to ensure fixes for the found vulnerabilities are in place. A publicly verifiable Pentest certificate is then issued.

Validity: 180 days

The publicly verifiable Pentest Certificate also comes with a 180-day validity, which can be extended by following these steps.

Updated on: 12/08/2022
